fix: openid and cookies

Author: sattvikc

supertokens_python/recipe/oauth2provider/api/auth.py

@@ -14,10 +14,10 @@
 
 from __future__ import annotations
 
-from datetime import datetime
 from http.cookies import SimpleCookie
 from typing import TYPE_CHECKING, Any, Dict
 from urllib.parse import parse_qsl
+from dateutil import parser
 
 from supertokens_python.recipe.session.asyncio import get_session
 from supertokens_python.recipe.session.exceptions import TryRefreshTokenError
@@ -85,7 +85,7 @@ async def auth_get(
                         domain=morsel.get("domain"),
                         secure=morsel.get("secure", True),
                         httponly=morsel.get("httponly", True),
-                        expires=datetime.strptime(morsel.get("expires", ""), "%a, %d %b %Y %H:%M:%S %Z").timestamp() * 1000,  # type: ignore
+                        expires=parser.parse(morsel.get("expires", "")).timestamp() * 1000,  # type: ignore
                         path=morsel.get("path", "/"),
                         samesite=morsel.get("samesite", "lax"),
                     )

supertokens_python/recipe/oauth2provider/api/login.py

@@ -16,7 +16,7 @@
 
 from typing import TYPE_CHECKING, Any, Dict, Optional
 
-from datetime import datetime
+from dateutil import parser
 
 from supertokens_python.exceptions import raise_bad_input_exception
 from supertokens_python.framework import BaseResponse
@@ -87,7 +87,7 @@ async def login(
                         domain=morsel.get("domain"),
                         secure=morsel.get("secure", True),
                         httponly=morsel.get("httponly", True),
-                        expires=datetime.strptime(morsel.get("expires", ""), "%a, %d %b %Y %H:%M:%S %Z").timestamp() * 1000,  # type: ignore
+                        expires=parser.parse(morsel.get("expires", "")).timestamp() * 1000,  # type: ignore
                         path=morsel.get("path", "/"),
                         samesite=morsel.get("samesite", "lax").lower(),
                     )

supertokens_python/recipe/oauth2provider/recipe.py

@@ -346,9 +346,8 @@ async def get_default_access_token_payload(
             payload["emails"] = user.emails
 
         if "phoneNumber" in scopes:
-            payload["phoneNumber"] = (
-                user.phone_numbers[0] if user.phone_numbers else None
-            )
+            if user.phone_numbers:
+                payload["phoneNumber"] = user.phone_numbers[0]
             payload["phoneNumber_verified"] = (
                 any(
                     lm.has_same_phone_number_as(user.phone_numbers[0]) and lm.verified
@@ -387,9 +386,8 @@ async def get_default_id_token_payload(
             payload["emails"] = user.emails
 
         if "phoneNumber" in scopes:
-            payload["phoneNumber"] = (
-                user.phone_numbers[0] if user.phone_numbers else None
-            )
+            if user.phone_numbers:
+                payload["phoneNumber"] = user.phone_numbers[0]
             payload["phoneNumber_verified"] = (
                 any(
                     lm.has_same_phone_number_as(user.phone_numbers[0]) and lm.verified

supertokens_python/recipe/openid/api/implementation.py

@@ -30,5 +30,15 @@ async def open_id_discovery_configuration_get(
             )
         )
         return OpenIdDiscoveryConfigurationGetResponse(
-            response.issuer, response.jwks_uri
+            issuer=response.issuer,
+            jwks_uri=response.jwks_uri,
+            authorization_endpoint=response.authorization_endpoint,
+            token_endpoint=response.token_endpoint,
+            userinfo_endpoint=response.userinfo_endpoint,
+            revocation_endpoint=response.revocation_endpoint,
+            token_introspection_endpoint=response.token_introspection_endpoint,
+            end_session_endpoint=response.end_session_endpoint,
+            subject_types_supported=response.subject_types_supported,
+            id_token_signing_alg_values_supported=response.id_token_signing_alg_values_supported,
+            response_types_supported=response.response_types_supported,
         )

supertokens_python/recipe/openid/interfaces.py

@@ -12,7 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 from abc import ABC, abstractmethod
-from typing import Any, Dict, Union, Optional
+from typing import Any, Dict, List, Union, Optional
 
 from supertokens_python.framework import BaseRequest, BaseResponse
 from supertokens_python.recipe.jwt.interfaces import (
@@ -26,9 +26,48 @@
 
 
 class GetOpenIdDiscoveryConfigurationResult:
-    def __init__(self, issuer: str, jwks_uri: str):
+    def __init__(
+        self,
+        issuer: str,
+        jwks_uri: str,
+        authorization_endpoint: str,
+        token_endpoint: str,
+        userinfo_endpoint: str,
+        revocation_endpoint: str,
+        token_introspection_endpoint: str,
+        end_session_endpoint: str,
+        subject_types_supported: List[str],
+        id_token_signing_alg_values_supported: List[str],
+        response_types_supported: List[str],
+    ):
         self.issuer = issuer
         self.jwks_uri = jwks_uri
+        self.authorization_endpoint = authorization_endpoint
+        self.token_endpoint = token_endpoint
+        self.userinfo_endpoint = userinfo_endpoint
+        self.revocation_endpoint = revocation_endpoint
+        self.token_introspection_endpoint = token_introspection_endpoint
+        self.end_session_endpoint = end_session_endpoint
+        self.subject_types_supported = subject_types_supported
+        self.id_token_signing_alg_values_supported = (
+            id_token_signing_alg_values_supported
+        )
+        self.response_types_supported = response_types_supported
+
+    def to_json(self) -> Dict[str, Any]:
+        return {
+            "issuer": self.issuer,
+            "jwks_uri": self.jwks_uri,
+            "authorization_endpoint": self.authorization_endpoint,
+            "token_endpoint": self.token_endpoint,
+            "userinfo_endpoint": self.userinfo_endpoint,
+            "revocation_endpoint": self.revocation_endpoint,
+            "token_introspection_endpoint": self.token_introspection_endpoint,
+            "end_session_endpoint": self.end_session_endpoint,
+            "subject_types_supported": self.subject_types_supported,
+            "id_token_signing_alg_values_supported": self.id_token_signing_alg_values_supported,
+            "response_types_supported": self.response_types_supported,
+        }
 
 
 class RecipeInterface(ABC):
@@ -75,12 +114,49 @@ def __init__(
 class OpenIdDiscoveryConfigurationGetResponse(APIResponse):
     status: str = "OK"
 
-    def __init__(self, issuer: str, jwks_uri: str):
+    def __init__(
+        self,
+        issuer: str,
+        jwks_uri: str,
+        authorization_endpoint: str,
+        token_endpoint: str,
+        userinfo_endpoint: str,
+        revocation_endpoint: str,
+        token_introspection_endpoint: str,
+        end_session_endpoint: str,
+        subject_types_supported: List[str],
+        id_token_signing_alg_values_supported: List[str],
+        response_types_supported: List[str],
+    ):
         self.issuer = issuer
         self.jwks_uri = jwks_uri
+        self.authorization_endpoint = authorization_endpoint
+        self.token_endpoint = token_endpoint
+        self.userinfo_endpoint = userinfo_endpoint
+        self.revocation_endpoint = revocation_endpoint
+        self.token_introspection_endpoint = token_introspection_endpoint
+        self.end_session_endpoint = end_session_endpoint
+        self.subject_types_supported = subject_types_supported
+        self.id_token_signing_alg_values_supported = (
+            id_token_signing_alg_values_supported
+        )
+        self.response_types_supported = response_types_supported
 
     def to_json(self):
-        return {"status": self.status, "issuer": self.issuer, "jwks_uri": self.jwks_uri}
+        return {
+            "status": self.status,
+            "issuer": self.issuer,
+            "jwks_uri": self.jwks_uri,
+            "authorization_endpoint": self.authorization_endpoint,
+            "token_endpoint": self.token_endpoint,
+            "userinfo_endpoint": self.userinfo_endpoint,
+            "revocation_endpoint": self.revocation_endpoint,
+            "token_introspection_endpoint": self.token_introspection_endpoint,
+            "end_session_endpoint": self.end_session_endpoint,
+            "subject_types_supported": self.subject_types_supported,
+            "id_token_signing_alg_values_supported": self.id_token_signing_alg_values_supported,
+            "response_types_supported": self.response_types_supported,
+        }
 
 
 class APIInterface:

supertokens_python/recipe/openid/recipe_implementation.py

@@ -39,19 +39,45 @@ class RecipeImplementation(RecipeInterface):
     async def get_open_id_discovery_configuration(
         self, user_context: Dict[str, Any]
     ) -> GetOpenIdDiscoveryConfigurationResult:
+        from ..oauth2provider.constants import (
+            AUTH_PATH,
+            TOKEN_PATH,
+            USER_INFO_PATH,
+            REVOKE_TOKEN_PATH,
+            INTROSPECT_TOKEN_PATH,
+            END_SESSION_PATH,
+        )
+
         issuer = (
-            self.config.issuer_domain.get_as_string_dangerous()
-            + self.config.issuer_path.get_as_string_dangerous()
+            self.app_info.api_domain.get_as_string_dangerous()
+            + self.app_info.api_base_path.get_as_string_dangerous()
         )
 
         jwks_uri = (
-            self.config.issuer_domain.get_as_string_dangerous()
-            + self.config.issuer_path.append(
+            self.app_info.api_domain.get_as_string_dangerous()
+            + self.app_info.api_base_path.append(
                 NormalisedURLPath(GET_JWKS_API)
             ).get_as_string_dangerous()
         )
 
-        return GetOpenIdDiscoveryConfigurationResult(issuer, jwks_uri)
+        api_base_path: str = (
+            self.app_info.api_domain.get_as_string_dangerous()
+            + self.app_info.api_base_path.get_as_string_dangerous()
+        )
+
+        return GetOpenIdDiscoveryConfigurationResult(
+            issuer=issuer,
+            jwks_uri=jwks_uri,
+            authorization_endpoint=api_base_path + AUTH_PATH,
+            token_endpoint=api_base_path + TOKEN_PATH,
+            userinfo_endpoint=api_base_path + USER_INFO_PATH,
+            revocation_endpoint=api_base_path + REVOKE_TOKEN_PATH,
+            token_introspection_endpoint=api_base_path + INTROSPECT_TOKEN_PATH,
+            end_session_endpoint=api_base_path + END_SESSION_PATH,
+            subject_types_supported=["public"],
+            id_token_signing_alg_values_supported=["RS256"],
+            response_types_supported=["code", "id_token", "id_token token"],
+        )
 
     def __init__(
         self,